Use Windows Server 2008 as a VPN Server


I am looking for a solution in Windows Server 2008. I have heard that Windows Server 2008 has the ability to act as a VPN server with great capabilities.
I have 10 to 15 locations, where all the locations are working on a basic ADSL internet connection and they actually dial an SSL VPN using the FortiClient SSLVPN Client. I also use DynDNS. So I want this Windows Server 2008 box to act as a VPN server and configure site-to-site VPN or IPsec VPN, where the VPN tunnel is always on in all the sites and it is managed by Windows Server 2008.

This Windows Server 2008 box has to be behind the firewall or in the DMZ, please recommend.

If there are logics and steps for configuration it will help a lot in improving our infrastructure on a great scale.


Adam Brown, Sr Solutions Architect, commented:
Honestly, Windows VPN isn't the best solution for Site-to-Site VPN configuration. I very rarely recommend using it if there are VPN capable routers or firewalls in place. In great part because it utilizes PPTP, which isn't a very secure VPN protocol. You can secure the communications with IPSec, but that is *very* complex and pretty hard to get working in Windows as it requires a full Public Key Infrastructure with a Certificate Authority on your network. If you have VPN capable Routers/Firewalls at all your locations, you should be able to set up a site-to-site VPN connection using those, which is usually much easier to set up and often much more secure. If you have Fortigates at all your locations, can give you some good information on how to get a site to site IPSec VPN going with those.


brandsco (Author) commented:
Hi, we have a FortiGate 200A firewall device in the head office. This device can create IPsec (site-to-site) tunnels... but on the other hand side we don't have the budget to put any firewall device... Can you please tell me if we can have FortiGate in the head office and Windows servers in the branch office? I am also going to go through fully the document that you have provided. Thank you very much.

Adam Brown, Sr Solutions Architect, commented:
Do you have servers at all sites already? What device do you have connected to your ADSL connection at your remote sites as a router?
If you have a server in every remote location, and you don't want to purchase firewalls / routers, and you don't have fixed IP addresses in remote locations, then PPTP tunnels using Windows Server 2008 RRAS service could be fine for you. At least at no cost.

The main server should be after a firewall/router doing NAT, or in a DMZ. You need to enable the RRAS role in all the remote services, create the tunnels, VPN users, routing, and so on.

Here is the guide you are asking for (where you find all the information you need):

Also look at:
